Author: jfthomps
Date: Tue Jun 16 14:55:02 2009
New Revision: 785242
URL: http://svn.apache.org/viewvc?rev=785242&view=rev
Log:
VCL-139
both files:
removed requirement of user's email address being passed in
shibauth/index.php:
-added a check for passed in eppn already existing in database; if so, no other
fields are required
-removed all NCSU specific cases when setting the skin cookie
Modified:
incubator/vcl/trunk/web/.ht-inc/authmethods/shibauth.php
incubator/vcl/trunk/web/shibauth/index.php
Modified: incubator/vcl/trunk/web/.ht-inc/authmethods/shibauth.php
URL:
http://svn.apache.org/viewvc/incubator/vcl/trunk/web/.ht-inc/authmethods/shibauth.php?rev=785242&r1=785241&r2=785242&view=diff
==============================================================================
--- incubator/vcl/trunk/web/.ht-inc/authmethods/shibauth.php (original)
+++ incubator/vcl/trunk/web/.ht-inc/authmethods/shibauth.php Tue Jun 16
14:55:02 2009
@@ -47,7 +47,8 @@
$user["lastname"] = $_SERVER['sn'];
else
$user['lastname'] = $displast;
- $user["email"] = $_SERVER['mail'];
+ if(array_key_exists('mail', $_SERVER))
+ $user["email"] = $_SERVER['mail'];
$user['unityid'] = $userid;
$user['affilid'] = $affilid;
@@ -65,9 +66,10 @@
$user['id'] = $row['id'];
$query = "UPDATE user "
. "SET firstname = '{$user['firstname']}', "
- . "lastname = '{$user['lastname']}', "
- . "email = '{$user['email']}', "
- . "emailnotices = 0, "
+ . "lastname = '{$user['lastname']}', ";
+ if(array_key_exists('email', $user))
+ $query .= "email = '{$user['email']}', ";
+ $query .= "emailnotices = 0, "
. "lastupdated = NOW() "
. "WHERE uid = {$user['id']}";
doQuery($query, 101, 'vcl', 1);
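Review bot: The UPDATE assembled here places `$user['firstname']`, `$user['lastname']` and, when present, `$user['email']` directly inside the SQL string, and the first hunk shows these values being copied from `$_SERVER` attributes that the identity provider supplies. Unless they are escaped somewhere outside the visible hunks, a quote character in a name or mail value breaks or alters the statement. The INSERT in the next hunk has the same shape. Since both queries are being restructured anyway, escape at the point of use, e.g. `$query .= "email = '" . mysql_real_escape_string($user['email']) . "', ";`, and treat the name fields the same way. The enclosing function starts and ends outside the hunk.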
@@ -97,17 +99,19 @@
. "(unityid, "
. "affiliationid, "
. "firstname, "
- . "lastname, "
- . "email, "
- . "emailnotices, "
+ . "lastname, ";
+ if(array_key_exists('email', $user))
+ $query .= "email, ";
+ $query .= "emailnotices, "
. "lastupdated) "
. "VALUES ("
. "'{$user['unityid']}', "
. "{$user['affilid']}, "
. "'{$user['firstname']}', "
- . "'{$user['lastname']}', "
- . "'{$user['email']}', "
- . "0, "
+ . "'{$user['lastname']}', ";
+ if(array_key_exists('email', $user))
+ $query .= "'{$user['email']}', ";
+ $query .= "0, "
. "NOW())";
doQuery($query, 101, 'vcl', 1);
if(mysql_affected_rows($mysql_link_vcl)) {
Modified: incubator/vcl/trunk/web/shibauth/index.php
URL:
http://svn.apache.org/viewvc/incubator/vcl/trunk/web/shibauth/index.php?rev=785242&r1=785241&r2=785242&view=diff
==============================================================================
--- incubator/vcl/trunk/web/shibauth/index.php (original)
+++ incubator/vcl/trunk/web/shibauth/index.php Tue Jun 16 14:55:02 2009
@@ -2,57 +2,75 @@
chdir("..");
require_once('.ht-inc/conf.php');
+require_once('.ht-inc/utils.php');
+require_once('.ht-inc/errors.php');
+function getFooter() {}
+$noHTMLwrappers = array();
+
+dbConnect();
+
header("Cache-Control: no-cache, must-revalidate");
header("Expires: Sat, 1 Jan 2000 00:00:00 GMT");
if(! array_key_exists('eppn', $_SERVER) ||
- ! array_key_exists('mail', $_SERVER) ||
(! (array_key_exists('sn', $_SERVER) &&
array_key_exists('givenName', $_SERVER)) &&
! array_key_exists('displayName', $_SERVER))) {
- # check to see if any shib stuff in $_SERVER, if not redirect
- $keys = array_keys($_SERVER);
- $allkeys = '{' . implode('{', $keys);
- if(! preg_match('/^\{Shib-/', $allkeys)) {
- # no shib data, clear _shibsession cookie
- foreach(array_keys($_COOKIE) as $key) {
- if(preg_match('/^_shibsession[_0-9a-fA-F]+$/', $key))
- setcookie($key, "", time() - 10, "/",
$_SERVER['SERVER_NAME']);
+ # check for eppn; if there, see if it is a user we already have
+ if(array_key_exists('eppn', $_SERVER)) {
+ $tmp = explode('@', $_SERVER['eppn']);
+ $query = "SELECT u.firstname, "
+ . "u.lastname "
+ . "FROM user u, "
+ . "affiliation a "
+ . "WHERE u.unityid = '{$tmp[0]}' AND "
+ . "a.shibname = '{$tmp[1]}' AND "
+ . "u.affiliationid = a.id";
+ $qh = doQuery($query, 101);
+ if($row = mysql_fetch_assoc($qh)) {
+ $_SERVER['sn'] = $row['lastname'];
+ $_SERVER['givenName'] = $row['firstname'];
+ }
+ else {
+ # check to see if any shib stuff in $_SERVER, if not
redirect
+ $keys = array_keys($_SERVER);
+ $allkeys = '{' . implode('{', $keys);
+ if(! preg_match('/\{Shib-/', $allkeys)) {
+ # no shib data, clear _shibsession cookie
+ foreach(array_keys($_COOKIE) as $key) {
+
if(preg_match('/^_shibsession[_0-9a-fA-F]+$/', $key))
+ setcookie($key, "", time() -
10, "/", $_SERVER['SERVER_NAME']);
+ }
+ # redirect to main select auth page
+ header("Location: " . BASEURL . SCRIPT .
"?mode=selectauth");
+ dbDisconnect();
+ exit;
+ }
+ print "<h2>Error with Shibboleth authentication</h2>\n";
+ print "You have attempted to log in using Shibboleth
from an<br>\n";
+ print "institution that does not allow VCL to see all
of these<br>\n";
+ print "attributes:<br>\n";
+ print "<ul>\n";
+ print "<li>eduPersonPrincipalName</li>\n";
+ print "</ul>\n";
+ print "and either:\n";
+ print "<ul>\n";
+ print "<li>sn and givenName</li>\n";
+ print "</ul>\n";
+ print "or:\n";
+ print "<ul>\n";
+ print "<li>displayName</li>\n";
+ print "</ul>\n";
+ print "You need to contact the administrator of your
institution's<br>\n";
+ print "IdP to have all of those attributes be available
to VCL in<br>\n";
+ print "order to log in using Shibboleth.\n";
+ dbDisconnect();
+ exit;
}
- # redirect to main select auth page
- header("Location: " . BASEURL . SCRIPT . "?mode=selectauth");
- exit;
}
- print "<h2>Error with Shibboleth authentication</h2>\n";
- print "You have attempted to log in using Shibboleth from an<br>\n";
- print "institution that does not allow VCL to see all of these<br>\n";
- print "attributes:<br>\n";
- print "<ul>\n";
- print "<li>eduPersonPrincipalName</li>\n";
- print "<li>mail</li>\n";
- print "</ul>\n";
- print "and either:\n";
- print "<ul>\n";
- print "<li>sn and givenName</li>\n";
- print "</ul>\n";
- print "or:\n";
- print "<ul>\n";
- print "<li>displayName</li>\n";
- print "</ul>\n";
- print "You need to contact the administrator of your
institution's<br>\n";
- print "IdP to have all of those attributes be available to VCL
in<br>\n";
- print "order to log in using Shibboleth.\n";
- exit;
}
-require_once('.ht-inc/utils.php');
-require_once('.ht-inc/errors.php');
-function getFooter() {}
-$noHTMLwrappers = array();
-
-dbConnect();
-
// open keys
$fp = fopen(".ht-inc/keys.pem", "r");
$key = fread($fp, 8192);
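Review bot: A request that carries no `eppn` at all now passes through this block untouched. The outer condition is true, but the redirect and the error page live only in the `else` of the database lookup, which sits inside `if(array_key_exists('eppn', $_SERVER))`, so execution continues to the key-loading code below; before this change that case always ended in the redirect or the error page followed by `exit`. The lookup also splits `eppn` on `@` without checking that two parts came back, and places both parts unescaped in the SELECT. I would record whether a known user was found and run the failure path whenever one was not, as sketched below; what the rest of the script does with a missing `eppn` is outside the hunk.

```php
# check for eppn; if there, see if it is a user we already have
$found = 0;
if(array_key_exists('eppn', $_SERVER)) {
    $tmp = explode('@', $_SERVER['eppn']);
    if(count($tmp) == 2) {
        $unityid = mysql_real_escape_string($tmp[0]);
        $shibname = mysql_real_escape_string($tmp[1]);
        # … unchanged: SELECT built as before, with $unityid and $shibname in the WHERE clause; doQuery() …
        if($row = mysql_fetch_assoc($qh)) {
            $_SERVER['sn'] = $row['lastname'];
            $_SERVER['givenName'] = $row['firstname'];
            $found = 1;
        }
    }
}
if(! $found) {
    # … unchanged: Shib- key check, cookie clearing, redirect, error page, dbDisconnect(), exit …
}
```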
@@ -80,7 +98,8 @@
array_pop($tmp);
$affilname = strtoupper(implode('', $tmp));
$affilname = preg_replace('/[^A-Z0-9]/', '', $affilname);
- $query = "SELECT name "
+ $query = "SELECT name, "
+ . "shibname "
. "FROM affiliation "
. "WHERE name LIKE '$affilname%' "
. "ORDER BY name DESC "
@@ -92,14 +111,18 @@
$cnt++;
$newaffilname = $affilname . $cnt;
}
+ elseif($affilname != $row['name'] && $affil !=
$row['shibname']) {
+ $newaffilname = $affilname;
+ }
else {
$msg = "Someone tried to log in to VCL using Shibboleth
from an idp "
. "affiliation that could not be automatically
added.\n\n"
. "eppn: {$_SERVER['eppn']}\n"
. "givenName: {$_SERVER['givenName']}\n"
- . "sn: {$_SERVER['sn']}\n"
- . "mail: {$_SERVER['mail']}\n\n"
- . "tried to add VCL affiliation name
\"$affilname\" with "
+ . "sn: {$_SERVER['sn']}\n";
+ if(array_key_exists('mail', $_SERVER))
+ $msg .= "mail: {$_SERVER['mail']}\n\n";
+ $msg .="tried to add VCL affiliation name
\"$affilname\" with "
. "shibname \"$affil\"";
$mailParams = "-f" . ENVELOPESENDER;
mail(ERROREMAIL, "Error with VCL pages (problem adding
shib affil)", $msg, '', $mailParams);
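Review bot: The new `elseif` compares with loose `!=`, and PHP treats two numeric-looking strings as equal under loose comparison, so two distinct affiliation names made only of digits and `E` (the filter above allows `[A-Z0-9]`) can compare as the same; `elseif($affilname !== $row['name'] && $affil !== $row['shibname'])` avoids that. In the message below, the blank line that separated the attribute list from the "tried to add" sentence now appears only when `mail` is present, because `\n\n` moved into the guarded line. The same message still reads `$_SERVER['givenName']` and `$_SERVER['sn']` unguarded, although the attribute check at the top of the file accepts `displayName` alone; whether they are filled in before this point is not visible here. The condition this `elseif` hangs off is outside the hunk.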
@@ -189,13 +212,9 @@
setcookie("VCLAUTH", "{$cookie['data']}", 0, "/", COOKIEDOMAIN);
# set skin cookie based on affiliation
switch($affil) {
- case 'WakeTech':
- case 'JohnstonCC':
+ case 'Example1':
+ case 'EXAMPLE2':
$skin = strtoupper($affil);
- case 'NCCU':
- case 'ECU':
- case 'UNCG':
- case 'WCU':
setcookie("VCLSKIN", $skin, (time() + (SECINDAY * 31)), "/",
COOKIEDOMAIN);
break;
default:
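Review bot: The `VCLAUTH` cookie on the first line of this hunk is set without the `secure` and `httponly` arguments, so the authentication cookie is readable from page script and may be sent over plain HTTP. That line is unchanged context, but while this block is being edited it is worth `setcookie("VCLAUTH", "{$cookie['data']}", 0, "/", COOKIEDOMAIN, true, true);`, provided the site is served only over HTTPS. The new `case 'Example1':` and `case 'EXAMPLE2':` labels are placeholders hard-coded in the login path; a comment stating that they must be replaced per deployment, or a list read from `conf.php`, would keep a stock install from carrying dead branches. The `switch` continues past the end of the hunk.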